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ABSTRACT 

How does a design engineer or manager choose be- 
tween a power subsystem with .990 reliability and a 
more costly power subsystem with .995 reliability? 
When is the increased cost of a more reliable power 
subsystem justified? 

A mathematical model is presented for computing total 
(spacecraft) subsystem cost including both the basic 
subsystem cost and the expected cost due to the failure 
of the subsystem. This model is then used to determine 
power subsystem cost as a function of reliability and 
redundancy. Minimum cost and maximum reliability 
and/or redundancy are not generally equivalent. Two 
example cases are presented. One is a small satellite, 
and the other is an interplanetary spacecraft. 

INTRODUCTION 

The methods described here can be applied to power 
subsystems in launch vehicles, satellites, and on earth. 
In addition, they can be utilized in many other types of 
applications which do not necessarily involve power. 

High reliability is not necessarily an end in itself. High 
reliability may be desirable in order to reduce the statis- 
tically expected cost due to a subsystem failure. Howev- 
er, this may not be the wisest use of funds since the 
expected cost due to subsystem failure is not the only 
cost involved. The subsystem itself may be very costly. 
We cannot consider either the cost of the subsystem or 
the expected cost due to subsystem failure separately. 
We therefore minimize the total of the two costs , i.e., 
the total of the cost of the subsystem plus the expected 
cost due to subsystem failure. 


We will be looking at subsystems which are part of a 
larger main system, such as a power subsystem which is 
a part of a main satellite system. In development of our 
analyses, we will talk about subsystems and main 
systems. In the examples, we will bring out power 
subsystems and larger aerospace-related systems. 

Expected value is an important ingredient in our quest 
for finding the best power subsystem. Therefore, we'll 
first consider the expected cost due to subsystem failure, 
which is written as E{co$t due to subsystem failure}. 
As with all expected values, this number depends upon 
both the dollar cost and the probability of its occur- 
rence. Let Cj be the dollar cost due to failure of the 
subsystem, including all costs incurred by subsystem 
failure (but not the cost of the subsystem itself). This 
number could be the entire cost of the main system 
(even greater in some circumstances) if failure of the 
subsystem resulted in complete failure of the main 
system. In other instances Cj would be less than the 
cost of the main system, e.g., failure of the subsystem 
resulted in only a partial failure of the main system. 

Now the expected cost due to subsystem failure is Cj 
times the probability that this cost will be experienced. 
Subsystem failure for us can only occur when the main 
system is good. If the main system fails (for other than 
failure of the subsystem), we’ll not experience cost due 
to subsystem failure. So, we discount the E{cost due to 
subsystem failure} by multiplying by the reliability of 
the main system. For example, let's consider a power 
subsystem in a rocket. The rocket may explode on the 
launch pad due to a fuel problem. Even if the power 
subsystem would have failed in flight, we would not 
experience this failure. Let r^ be the reliability of the 
main system (for other than failure of the subsystem), 
and let r s be the reliability of the subsystem. 
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Then E{cost due to subsystem failure} 

« CjPr{ subsystem failure | mainsystem good} 
x Pr{main system good} 

* <i(l-r s )r M * r M Ci(l-r s ). 

Wc can minimize this expected cost by building a sub- 
system with an extremely low probability of failure, i.e., 
a subsystem with extremely high reliability. In this 
situation it is not clear that we should build the most 
reliable subsystem possible since this will m inimiz e only 
the expected cost due to subsystem failure but does not 
consider the cost of building the subsystem itself. To 
make this decision, we should not consider the two costs 
separately. We therefore minimize the total of the two 
costs, i.e.. the total of the cost of the^subsvstem ulus the 
expected cost due to subsystem failure . The total cost 
to be minimized is given by 

C » cost of the subsystem + Efcost due to 
subsystem failure} 

~ cost of subsystem + r M c l^" r s) - 

In minimizing cost C we sec that we ar e balancing the 
cost of the subsystem against th e expected cost due to 
subsystem failure . 

NON-REDUNDANT POWER SUBSYSTEMS: 
SELECTING THE BETTER OF 
TWO ALTERNATIVES 

Let's look at a microsatellite example. Suppose that we 
have two possible power subsystems under consideration 
for the microsatellite. Power subsystem 1, which costs 
$200,000, has a .97 reliability. Power subsystem 2, with 
a cost of $100,000, has a .94 reliability. Without further 
information and analysis, there is no clear "besr power 
subsystem, and the choice is often based upon the 
amount budgeted for the power subsystem. 

For further analysis, let us say that the main microsat- 
ellite system has a reliability (exclusive of the subsystem 
under consideration) of r M = .96. We'll further assume 
that failure of the power subsystem will result in a cost 
of Cj = $10,000,000. Let us first compare the E{cost 
due to subsystem failure} for each of the two power 
subsystems. For power subsystem 1, 

E{cost due to subsystem failure} 

= r M CjPr{subsystem failure} 

= ^(1-^]) = .96 x $10,000,000 x .03 = $288,000. 


For power subsystem 2, 

E{cost due to subsystem failure} 

= ^(l-r^) «= .96 x $10,000,000 x .06 = $576,000. 

Since power subsystem 2 is less reliable than power 
subsystem 1, it has a higher expected cost of failure. 
However, since 2 is also less expensive to build, we 
need to compare the overall cost, C, for 1 and for 2. 
For power subsystem 1, 

Cg! - $200,000 + $288,000 - $488,000. 

For power subsystem 2, 

C§2 - $100,000 + $576,000 = $676,000. 

Since C S1 < C^, we select power subsystem 1 over 
power subsystem 2. 

For further information on expected values or on 
selecting the best subsystem in simple situations as 
above, you may refer to [2]. We also note that the 
methods contained in this paper do not consider time- 
related functions, such as the cost of failure as a 
function of mission time. Time-related functions are 
covered in considerable depth in [2], 

THE EFFECT OF REDUNDANCY: 

K OUT-OF-N:G SUBSYSTEMS 

In this article we’ll direct our attention to a specific type. 
of subsystem, called a k-out-of-n:G subsystem. Such a 
subsystem has n modules, of which k are required to be 
good for the subsystem to be good. As an example 
consider the situation where the engineer has a certain 
power requirement. He may meet this requirement by 
having one large power module, two smaller modules, 
etc. The number of modules required is called k. For 
example, the engineer may decide that k * 4. This 
means that each module is 1/4 of the full required 
power. Therefore, the subsystem must have 4 or more 
modules for the full required power. The number of 
modules used in the subsystem is called n. For 
example, an n = 6 and k = 4 subsystem would have 6 
modules each of 1/4 th power and thus would have the 
output capability of 1.5 times the required power. The 
engineer is free to choose n and k. Selection of the 
different values of n and k results in different 
subsystems, each with different costs and reliabilities. 
Since each n and k yields a different subsystem with 
different costs, we can therefore choose the subsystem, 
i.e., the n and k, which will minimize cost C. 
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Here we'll assume perfect switching devices (if needed) 
of negligible cost and independence of the modules of 
the subsystem. 

Although there are many variations of the k-out-of-n: G 
model, we’ll present a few of these possibilities to give 
some idea of its uses and potentialities. 


MODEL l (k faed and n variate) 

The simplest k-out-of-n: G model is one where the 
modules are independent and all have common 
probability p of being good and common probability of 
failure q ■ 1-p. Let X count the number of good 
modules. Now E{cost due to subsystem failure} 


* r M c l Pr{ subsystem failure} 


« r M c , Pr { x < k ) 




( \ 

n 

UJ 


f?<T* 


(1) 


Recall that C = cost of subsystem + E{cost due to 
subsystem failure}. We therefore need also to consider 
the cost of the subsystem. First consider a simple situa* 
tion where k is fixed. Here we are free to choose n. 
Then n-k will be the redundancy or number of spares in 
the subsystem. If each module costs c 4 then the cost of 
subsystem = nc 4 . Using this with (1) we obtain 

C * cost of subsystem + E{cost due to subsystem 
failure} 


k-1 

♦ r M c, £ 

*•0 


P*<T 


We wish to find the n which minimizes cost C. 

As an example, let's look at an interplanetary 
spacecraft. Consider the situation where k = 1, i.e., 
only one power module is required to be operational for 
the power subsystem to be operational. Suppose that 
the reliability of this single module is .95, i.e., p = .95. 
Let the reliability of the main spacecraft system for 
other than failure of the subsystem be .9, i.e., r M * .9. 
Suppose that the cost of one power module is 1 
(hundred million dollars, for example) i.e., c 4 = 1, and 
that the cost due to failure of the power subsystem is 10 
(hundred million), i.e., * 10. 



Figure 1 shows a plot of C for p ranging from .79 to .99 
and n's of 1 through 4. If the reliability of a single 
power module is .95, i.e., p * .95, note that n « 1 has 
the lowest value of C. Therefore the best power 
subsystem in this case is one with no spares. As a 
matter of fact we can see from Figure 1 that the 
subsystem of n = 1 has the lowest value of C for any p 
> .87. Therefore, as long as the reliability of a single 
power module is greater than .87, the best power 
subsystem is one with no spares. If p < .87, then n * 
2 has the lowest value of C. Therefore, if the individual 
power module has reliability less than .87 (but greater 
than .79), then the best power subsystem is one with 
one spare. For values of p < .79, we should view the 
graph over this range to find the best subsystem. 

Now suppose that Cj (cost due to failure of the 
subsystem) increases to 50 (plot in Figure 2). 



We first note that if p * .95, then the n « 2 power 
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subsystem is the best. If we compare Figures 1 and 2 
(at p - .95) we see that the larger value of Cj (in 
Figure 2) requires a larger value of n. This principle 
holds in general and makes sense. If the cost of 
subsystem failure increases, then more redundancy is 
required. Figure 2 reveals that if .83 < p < .98, then 
the n - 2 power subsystem is the best. If p falls below 
'.83, then more redundancy is required (n * 3). If p > 
.98, then no redundancy is required (n * 1). 


MODEL 2 fboth k and n variable) 

Suppose in model 1 that we are also free to choose k in 
our subsystem. If k is free to vary, then well call this 
model 2. Let C3 be the cost of a subsystem consisting 
of exactly one module. Further suppose that the cost of 
a subsystem with exactly k modules is C3 g(k). Here 
g(k) is the factor which measures the (generally) 
increased cost of building a subsystem consisting of k 
smaller modules rather than one large module. If g(k) 
= 1 for all k, then a subsystem of k modules costs the 
same as a subsystem consisting of a single module. Any 
g(k) may be used. For example, if a subsystem of 2 
smaller modules costs 4 times as much as a single 
module subsystem then g(2) = 4. Therefore this 
subsystem would cost C3 g(k) = C3 g(k) = 4cj. If a 
subsystem of 3 smaller modules costs 7 times as much 
as a single module subsystem then g(3) =7. Other 
values for g(k) may be defined in a similar manner. 
Therefore, in the above example, g(l) = 1, g(2) = 4, 
g(3) = 7, etc. We also assume that each module in the 
subsystem costs Cjg(k)/k, which is 1/k th of the total 
cost for k modules. Since we have a total of n modules 
in the subsystem, then the cost of the subsystem = 
nc 3g(k)/k. Using this with (1) we obtain 

C = cost of subsystem + E{loss due to subsystem 
failure} 


•n c, g{k)/k * 


k-1 


'M C lE 

X-0 



pcT*. 


For any particular situation with given values of c^, 03, 
r M , p and g(k) we select the n and k to minimize C as 
given above. The n and k thus selected will be the 
optimal subsystem. 

Consider the example of a space electrical power 
subsystem. A rough rule of thumb says that the cost of 
smaller modules for a space electrical power subsystem 


is proportional to the electrical power raised to the .7. 
Thus, for this example g(k) * k(l/k)* 7 . Therefore, a 
subsystem consisting of a single module capable of full 
power would cost ££(1) * 031(1/1) « LOC3, a 
subsystem consisting of 2 modules, each of 1/2 power, 
would cost C3g(2) * C32(l/2)* 7 = I.23C3 to build, etc. 
An n ■ 3 and k * 2 subsystem, Le., one having 3 
modules each of 1/2 power, would cost ncj g(k)/k = 3 
x I23C3/2 « LSScj to build. 


Suppose for a small satellite that the cost due to power 
subsystem failure, Cj, is 100 (million dollars). Let the 
reliability of the satellite (for other than failure of the 
subsystem) be .99, Le., r M * .99. Furthermore, the cost 
of building a single module capable of full power is .5 
million, Le., C3 * 5. And last, let’s say that each power 
module has a reliability of .95. 


From Figure 3 we see, at p = .95, that the n * 2, k = 
1 power subsystem is the best (has the lowest value of 
C). Note however, if p < .948, that the n *= 4, k * 2 
subsystem is the best. Additionally, note that this is a 
much flatter curve. Unless we’re fairly sure that p is 
close to .95, we might choose the n * 4 , k *= 2 
subsystem, since it gives us a relatively low value for C 
over a wide range of p. 



BASIC PROGRAMS 

The authors will provide, upon request, copies of 
BASIC programs (Quickbasic 4 S) to both evaluate C 
and also to search for an n and k which minimize C. 
These programs are also appropriate for models other 
than the two we’ve covered here (see [1] or [2] for more 
detailed information on other models). If you wish a 
copy on disk, please send a formatted disk floppy with 
your request. We also note that all models may be 
used when k is fixed by replacing nc3g(k)/k by nc 4 . 
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Additionally, the cost of launching the subsystem may 
easily be considered merely by including this cost in C 
for the various models. 


CONCLUSIONS 

The methods brought forward in this paper can be used 
to make very definitive decisions in choosing the best 
power (or other) subsystem from a number of 
alternatives. Essentially we minimize the total of two 
costs, Le., the total of the cost of the (power) subsystem 
itself plus the expected cost due to the failure of the 
(power) subsystem. A computer program which ut ilize s 
the methods is available. Its output plots can yield very 
clear, obvious, and straightforward decisions. 
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